Due to the increasing globalization of economies, the need to provide network communications between geographically dispersed persons and facilities has increased. As a result, enterprises desire to protect their network while also providing network access to its locally and remotely situated persons and/or facilities. Protecting the network includes protecting a user's network access device and information thereon, and protecting the network to which the user's access device is connected. For example, a host network and connected clients may be vulnerable to rogue code, such as a virus, running on one of the client access devices.
In a private network, where the same entity is authenticating the user and controlling network access, there are solutions that will inspect the configuration of the device during authentication, and then either deny access or quarantine the device (by restricting it to a special VLAN) until the configuration has been updated, and the device is no longer a threat to the network. The configuration update takes place after the authentication has been completed.
When roaming on a 3rd party network (e.g., a public network), the 3rd party network will not have a VLAN dedicated to remediation for that customer's configurations. Therefore, there is no easy way to remediate the device after authentication. Once authentication is complete, the device is granted full network access and the device and/or the network are thus vulnerable.